<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <security:global-method-security secured-annotations="enabled" />
    
    <security:http auto-config="true">
        <!-- Restrict URLs based on role -->
        <security:intercept-url pattern="/register*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/logoutSuccess*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        
        <security:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/js/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        
        <security:intercept-url pattern="/**" access="ROLE_USER" />

        <!-- Override default login and logout pages -->
        <security:form-login login-page="/login.html" 
                             login-processing-url="/loginProcess" 
                             default-target-url="/home.html" 
                             authentication-failure-url="/login.html?login_error=1" />
        <security:logout logout-url="/j_spring_security_logout" logout-success-url="/login.html" />
    </security:http>

	<security:authentication-manager>
		<security:authentication-provider>
			<security:jdbc-user-service 
                                data-source-ref="dataSource"  
                                authorities-by-username-query="SELECT ? as username, 'ROLE_USER' as privilege"/>

			<!-- david:newyork alex:newjersey tim:illinois --> 
        <!-- 
        <security:password-encoder hash="md5" />
        <security:user-service>
            <security:user name="david" password="369389d19e24204b4927e30dd7c39efc" authorities="ROLE_USER,ROLE_ADMIN" />
            <security:user name="alex" password="847c6f184197dc1545d9891d42814a7d" authorities="ROLE_USER" />
            <security:user name="tim" password="0513111ff330e25c631b5d3e9c0a4aae" authorities="ROLE_USER" />
        </security:user-service>
        -->
    </security:authentication-provider>
</security:authentication-manager>
    
</beans>